• Title/Summary/Keyword: User Authentication

Search Result 699, Processing Time 0.176 seconds

Design of GE subgroup based User Authentication Protocol For efficient Electric Commerce (효율적 전자상거래를 위한 유한체 서브그룹 기반의 사용자 인증 프로토콜 설계)

  • 정경숙;홍석미;정태충
    • The Journal of Society for e-Business Studies
    • /
    • v.9 no.1
    • /
    • pp.209-220
    • /
    • 2004
  • If protocol has fast operations and short key length, it can be efficient user authentication protocol. Lenstra and Verheul proposed XTR. XTR have short key length and fast computing speed. Therefore, this can be used usefully in complex arithmetic. In this paper, to design efficient user authentication protocol we used a subgroup of Galois Field to problem domain. Proposed protocol does not use GF(p/sup 6/) that is existent finite field, and uses GF(p²) that is subgroup and solves problem. XTR-ElGamal based user authentication protocol reduced bit number that is required when exchange key by doing with upside. Also, proposed protocol provided easy calculation and execution by reducing required overhead when calculate. In this paper, we designed authentication protocol with y/sub i/ = g/sup b.p/sup 2(i-1)//ㆍv mol q, 1(equation omitted) 3 that is required to do user authentication.

  • PDF

A Study on Smart-Card Based User Authentication (스마트카드 기반의 사용자 인증 기법에 관한 연구)

  • Lee, Jaeyoung
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.14 no.2
    • /
    • pp.27-33
    • /
    • 2018
  • User authentication scheme is a method for controlling unauthorized users' access to securely share the services and resources provided by the server and for verifying users with access rights. Initial user authentication scheme was based on passwords. Nowadays, various authentication schemes such as ID based, smart-card based, and attribute based are being researched. The study of Lee et al. suggested a user authentication scheme that provides forward secrecy and protects anonymity of users. However, it is vulnerable to attacks by outsiders and attackers who have acquired smart-cards. In this paper, we propose a modified smart-card authentication scheme to complement the weakness of the previous studies. The proposed user authentication scheme provides the security for the ID guessing attack and the password guessing attacks of the attacker who obtained the login request message and the user's smart-card.

User Authentication by using SMART CARD and PAM (스마트 카드와 PAM을 이용한 사용자 인증)

  • 강민정;강민수;박연식
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • /
    • pp.637-640
    • /
    • 2003
  • Authentication between Server and Client is necessary in most of Internet Service because of increasing of using of Internet. Unix-based Server upgraded security of user authentication using "Shadow Password" instead of "crypt" function. But "Shadow Password" most use same authentication method about all services. But we individually can set user authentication method using PAM(Pluggable Authentication Module). This paper will propose user authentication system using Linux-PAM that use SMART CARD as authentication token.

  • PDF

RSA Algorithm for User Authentication System

  • Song, Byung-Ho;Bae, Sang-Hyun
    • Proceedings of the KAIS Fall Conference
    • /
    • /
    • pp.207-210
    • /
    • 2003
  • For the effective use of information in the information society, information should be protected and outflow of information by illegal users should be prevented. This study sets up user authentication policy, user authentication regulations and procedures for information protection and builds information protection key distribution center and encryption user Authentication system, which can protect information from illegal users.

  • PDF

World Without Boundaries and Trends in User Authentication Technology (경계없는 세상과 사용자 인증기술 동향)

  • Jin, S.H.;Cho, J.M.;Cho, S.R.;Cho, Y.S.;Kim, S.H.
    • Electronics and Telecommunications Trends
    • /
    • v.36 no.4
    • /
    • pp.135-144
    • /
    • 2021
  • The field of user authentication in Korea has experienced new dimensions since December 2020. Accredited certificate, which had been in use for 21 years since 1999, has been abolished. Accredited certificates have provided a trust foundation for various ICT-based industrial developments; however, new changes in the authentication sector are also required due to changes in the service and policy environment. Changes in the service environment occur rapidly because of the emergence of new technologies such as AI, IoT, Bio, Blockchain, and the daily use of non-face-to-face environments caused by COVID-19. Even with changes in the service environment, user authentication remains an essential foundation for providing services. This paper summarizes the current status of user authentication techniques, analyzes major changes in the service environment (such as Metaverse) associated with user authentication, and presents the direction of authentication techniques (Decentralized, Invisible, Privacy-preserving) through the derived implications.

A Study on the Development Process of User Authentication Software (사용자 인증 소프트웨어 개발 프로세스에 관한 연구)

  • 이상준;배석찬
    • The Journal of Society for e-Business Studies
    • /
    • v.9 no.1
    • /
    • pp.255-268
    • /
    • 2004
  • User authentication is indispensable in computer login and internet banking. Usability as well as security is needed in user authentication software. To develop the software systematically, development process must be defined, and it can result in the improvement of software maturity. In this paper, a process needed to develop user authentication software systematically is proposed from experience of developing visual password input software. This process is composed of 6 phases and 15 activities. It is able to improve usability with its requirement analysis, planning, integration testing, and acceptance testing activity.

  • PDF

A Method of Risk Assessment for Multi-Factor Authentication

  • Kim, Jae-Jung;Hong, Seng-Phil
    • Journal of Information Processing Systems
    • /
    • v.7 no.1
    • /
    • pp.187-198
    • /
    • 2011
  • User authentication refers to user identification based on something a user knows, something a user has, something a user is or something the user does; it can also take place based on a combination of two or more of such factors. With the increasingly diverse risks in online environments, user authentication methods are also becoming more diversified. This research analyzes user authentication methods being used in various online environments, such as web portals, electronic transactions, financial services and e-government, to identify the characteristics and issues of such authentication methods in order to present a user authentication level system model suitable for different online services. The results of our method are confirmed through a risk assessment and we verify its safety using the testing method presented in OWASP and NIST SP800-63.

Attribute based User Authentication for Contents Distribution Environments

  • Yoo, Hye-Joung
    • International Journal of Contents
    • /
    • v.8 no.3
    • /
    • pp.79-82
    • /
    • 2012
  • In digital contents distribution environments, a user authentication is an important security primitive to allow only authenticated user to use right services by checking the validity of membership. For example, in Internet Protocol Television (IPTV) environments, it is required to provide an access control according to the policy of content provider. Remote user authentication and key agreement scheme is used to validate the contents accessibility of a user. We propose a novel user authentication scheme using smart cards providing a secure access to multimedia contents service. Each user is authenticated using a subset of attributes which are issued in the registration phase without revealing individual's identity. Our scheme provides the anonymous authentication and the various permissions according to the combination of attributes which are assigned to each user. In spite of more functionality, the result of performance analysis shows that the computation and communication cost is very low. Using this scheme, the security of contents distribution environments in the client-server model can be significantly improved.

Security Improvement on Biometric-based Three Factors User Authentication Scheme for Multi-Server Environments (멀티서버 환경을 위한 생체정보 기반 삼중 요소 사용자 인증 기법의 안전성 개선)

  • Moon, Jongho;Won, Dongho
    • The Transactions of The Korean Institute of Electrical Engineers
    • /
    • v.65 no.12
    • /
    • pp.2167-2176
    • /
    • 2016
  • In the multi-server environment, remote user authentication has a very critical issue because it provides the authorization that enables users to access their resource or services. For this reason, numerous remote user authentication schemes have been proposed over recent years. Recently, Lin et al. have shown that the weaknesses of Baruah et al.'s three factors user authentication scheme for multi-server environment, and proposed an enhanced biometric-based remote user authentication scheme. They claimed that their scheme has many security features and can resist various well-known attacks; however, we found that Lin et al.'s scheme is still insecure. In this paper, we demonstrate that Lin et al.'s scheme is vulnerable against the outsider attack and user impersonation attack, and propose a new biometric-based scheme for authentication and key agreement that can be used in the multi-server environment. Lastly, we show that the proposed scheme is more secure and can support the security properties.

Modification of User Authentication Protocol for Partial Anonymity in the GSM System (GSM 시스템에서 부분적 익명성을 위한 사용자인증 프로토콜의 변형)

  • Park Mi-Og;Kim Sang-Geun
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.31 no.6C
    • /
    • pp.645-650
    • /
    • 2006
  • GSM(Global System for Mobile communications) provides mobile users with portability and convenience as the most popular standard for mobile phones in the world. However, GSM system has the problem that can't normally authenticate a user by the exposure of IMSI(International Mobile Subscriber Identity) of Ms(Mobile station) during the user authentication procedure. In this paper, we propose secure user authentication by preventing the exposure if IMSI via transfer the encrypted IMSI from the HLR(Home Location Register) and making the only network entities verified from the HLR use the IMSI value, as the modified mechanism based on the original user authentication protocol to solve this authentication problem. Also the proposed mechanism provides fast user authentication without changing the architecture between new VLR and old VLR in the original GSM user authentication protocol as well as user's anonymity by using a temporary ID.